CN106357839B - A kind of DNS query method and device - Google Patents

A kind of DNS query method and device

Info

Publication number: CN106357839B
Authority: CN (China)
Prior art keywords: query, mark, server, inquiry, query result
Legal status: Active
Application number: CN201610862454.9A
Other languages: Chinese (zh)
Other versions: CN106357839A
Inventors: 李晓东, 吴腾, 周琳琳, 黄锴, 孔宁
Current assignee: China Internet Network Information Center
Original assignee: China Internet Network Information Center

Events
Application filed by China Internet Network Information Center
Priority to CN201610862454.9A
Publication of CN106357839A
Application granted
Publication of CN106357839B
Legal status: Active
Anticipated expiration


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes

Abstract

In the DNS query method provided by an embodiment of the present invention, when a user performs a DNS query, the terminal device obtains the identifier the user wants to look up and, at the same time, randomly generates multiple noise query identifiers. It then combines the identifier to be queried and the noise query identifiers into a query set, generates a query request from the query set and sends it to the server. The server responds to the query request, obtains the query results corresponding to all query identifiers in the query set, merges them and returns them to the terminal device. The terminal device finds the query result corresponding to the identifier to be queried in the returned query result set. The method randomly generates misleading noise query identifiers and submits them together with the real identifier to the server as a single batch query; the server only obtains a series of query identifiers and cannot determine which one the user really wants to query. User privacy is thereby protected on the server side, greatly improving the protection of user privacy.

Description

A kind of DNS query method and device
Technical field
The invention belongs to the field of computer technology, and in particular to a DNS (Domain Name System) query method and device.
Background technique
A DNS query can look up the IP address of a domain name, as well as its A (Address) record, CNAME (Canonical Name, alias) record, MX (Mail Exchange, mail routing) record, NS (Name Server) record and so on. For example, when a client program wants to access a host on the network by its host name, it must first obtain the IP address corresponding to that host name, because an IP datagram carries the destination host's IP address rather than its host name. The IP address corresponding to a host name can be obtained from the local hosts file, but if the hosts file cannot resolve the host name, it can only be obtained by querying a DNS server.
DNS queries are transmitted over UDP (User Datagram Protocol) and are entirely transparent, that is, anyone with suitable means can see a user's DNS queries. This may leak personal privacy, for example the QNAME (Qualified Name) and the source IP (Internet Protocol) address; the QNAME contains the complete information of the network address the user wants to look up. The QNAME may reveal the user's behaviour and, in addition, some software information may be embedded in it; all of this may disclose user information.
A DNS query must transmit the information the user wants to look up over the network, passing through many routers and intermediate devices. If an attacker adopts a passive listening strategy on the communication channel, a great deal of important user information will be collected, for example the user's IP address and the queried domain name. The user privacy protection schemes proposed so far mainly encrypt the query and response messages, that is, they protect the user's query information and the server's response message on the intermediate communication channel by cryptographic means; however, leakage of user privacy at the server itself still cannot be avoided.
Summary of the invention
In view of this, the purpose of the present invention is to provide a DNS query method and device, so as to solve the technical problem that the prior art cannot avoid leakage of user privacy on the server side. The specific technical solution is as follows:
In a first aspect, the present invention provides a DNS query method applied in a terminal device, comprising:
obtaining the identifier to be queried that the user wants to look up, and obtaining a preset number of randomly generated noise query identifiers, where a query identifier comprises a host name or a domain name;
generating a query set from the identifier to be queried and the preset number of noise query identifiers;
generating a query request according to the query set and sending it to a server, the query request being used to make the server look up and obtain the query result set corresponding to all query identifiers contained in the query set;
receiving the query result set returned by the server, and searching the query result set to obtain the query result corresponding to the identifier to be queried.
Optionally, obtaining the preset number of randomly generated noise query identifiers comprises:
selecting, using a random function, a preset number of identifiers from an identification database and determining them as the noise query identifiers, the identification database being used to store known identifiers.
Optionally, the method further comprises:
updating the key parameter of the random function according to a preset duration, where the key parameter determines the random selection strategy of the random function, and the preset duration is set according to the average query time interval of a large number of users and is greater than the time interval of denial-of-service attacks on the server.
Optionally, generating a query request according to the query set and sending it to the server comprises:
encrypting the query set to obtain an encrypted query set;
generating a query request according to the encrypted query set and sending it to the server, so that the server responds to the query request to obtain the corresponding query result set, and encrypts the query result set;
and receiving the query result set returned by the server and searching the query result set to obtain the query result corresponding to the identifier to be queried comprises:
receiving the encrypted query result set returned by the server;
decrypting the encrypted query result set to obtain the decrypted query result set;
searching the decrypted query result set to obtain the query result corresponding to the identifier to be queried.
Optionally, the query result comprises at least one of: the IP address corresponding to the query identifier, an address record, a canonical name, a mail exchange record and a name server record.
In a second aspect, the present invention provides a DNS query device applied in a terminal device, comprising:
a first acquisition module for obtaining the identifier to be queried that the user wants to look up, the identifier to be queried comprising a host name or a domain name;
a second acquisition module for obtaining a preset number of randomly generated noise query identifiers;
a query set generation module for generating a query set from the identifier to be queried and the preset number of noise query identifiers;
a query request generation module for generating a query request according to the query set and sending it to a server, the query request being used to make the server look up and obtain the query result set corresponding to all query identifiers contained in the query set;
a search module for receiving the query result set returned by the server and searching the query result set to obtain the query result corresponding to the identifier to be queried.
Optionally, the second acquisition module is specifically configured to:
select, using a random function, a preset number of identifiers from an identification database and determine them as the noise query identifiers, the identification database being used to store known identifiers.
Optionally, the device further comprises:
a parameter updating module for updating the key parameter of the random function according to a preset duration, where the key parameter determines the random selection strategy of the random function, and the preset duration is set according to the average query time interval of a large number of users and is greater than the time interval of denial-of-service attacks on the server.
Optionally, the query request generation module comprises:
an encryption submodule for encrypting the query set to obtain an encrypted query set;
a query request generation submodule for generating a query request according to the encrypted query set and sending it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts the query result set;
and the search module comprises:
a receiving submodule for receiving the encrypted query result set returned by the server;
a decryption submodule for decrypting the encrypted query result set to obtain the decrypted query result set;
a search submodule for searching the decrypted query result set to obtain the query result corresponding to the identifier to be queried.
Optionally, the query result comprises at least one of: the IP address corresponding to the query identifier, an address record, a canonical name, a mail exchange record and a name server record.
The technical solution provided by the present invention has the following advantages: when a user performs a DNS query, the terminal device obtains the identifier the user wants to look up and, at the same time, randomly generates multiple noise query identifiers. It then combines the identifier to be queried and the noise query identifiers into a query set, generates a query request from the query set and sends it to the server. The server responds to the query request, obtains the query results corresponding to all query identifiers in the query set, merges them and returns them to the terminal device. The terminal device finds the query result corresponding to the identifier to be queried in the query result set. The method randomly generates misleading noise query identifiers and submits them together with the real identifier to the server as a batch query; the server only obtains a series of query identifiers and cannot determine which one the user really wants to query. User privacy is thereby protected on the server side, greatly improving the protection of user privacy.
Detailed description of the invention
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a DNS query system according to an embodiment of the present invention;
Fig. 2 is a flow diagram of a DNS query method according to an embodiment of the present invention;
Fig. 3 is a flow diagram of another DNS query method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a multiple DNS query process according to an embodiment of the present invention;
Fig. 5 is a block diagram of a DNS query device according to an embodiment of the present invention;
Fig. 6 is a block diagram of another DNS query device according to an embodiment of the present invention;
Fig. 7 is a block diagram of yet another DNS query device according to an embodiment of the present invention.
Specific embodiment
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Referring to Fig. 1, a schematic diagram of a DNS query system according to an embodiment of the present invention is shown. As shown in Fig. 1, the DNS query system mainly comprises a terminal device 1 and a server 2. The terminal device 1 may be a client application installed on a terminal device (for example a PC, or an intelligent terminal such as a smart phone); the server 2 may be a DNS query server. The user enters the identifier to be queried through the terminal device, which sends it to the server 2 over the Internet. The server 2 looks up the query result corresponding to the identifier and returns it to the terminal device 1.
Referring to Fig. 2, a flow diagram of a DNS query method according to an embodiment of the present invention is shown. The method is applied to the system shown in Fig. 1. As shown in Fig. 2, the method may comprise the following steps:
S110: the terminal device obtains the identifier to be queried that the user wants to look up.
The identifier to be queried may comprise a host name, a domain name, or an identifier in the Internet of Things; for example, the query identifier is the Baidu web page domain name "baidu.com".
The user can enter the identifier to be queried in the query input control of the terminal device.
S120: the terminal device obtains a preset number of randomly generated noise query identifiers.
The terminal device can use a random function to randomly select multiple identifiers from an identification database as noise query identifiers. The identification database stores currently known identifiers, for example the domain names of known web pages.
For example, the identification database is set to the websites ranked 1-500; the random function randomly generates an integer between 1 and 500 and takes the domain name of the website with that rank as one noise query identifier. If the batch query capacity is 5, five integers between 1 and 500 need to be generated.
S130: the terminal device generates a query set from the identifier to be queried and the preset number of noise query identifiers.
The terminal device combines the identifier entered by the user and the noise query identifiers into a query set.
For example, the query set is Q = {baidu.com, linkedin.com, weibo.com, hao123.com, espn.go.com}.
S140: the terminal device generates a query request according to the query set and sends the query request to the server.
The terminal device generates one query request from the query set; the query request contains all query identifiers in the query set, that is, multiple identifiers can be looked up by sending a single query request.
S150: the server parses the received query request and obtains the query set.
S160: the server obtains the query result set corresponding to all query identifiers contained in the query set and returns it to the terminal device.
The server looks up the query result corresponding to the identifier to be queried and to each noise query identifier in the query set, and merges the query results into one query result set.
The user can specify the type of query result when initiating the query request; the type of query result includes IP address, A record, CNAME record, MX record, NS record and so on.
For example, if the query result type is IP address, the query result set corresponding to the example query set in S130 is R = {123.125.114.144, 108.174.10.10, 180.149.134.141, 123.125.114.224, 199.181.133.61}.
S170: the terminal device searches the received query result set for the query result corresponding to the identifier to be queried.
The terminal device finds the query result corresponding to the identifier entered by the user in the query result set and displays it to the user.
Continuing the example above, the terminal device finds in the query result set R that the IP address corresponding to the domain name baidu.com that the user wants to look up is 123.125.114.144, and displays it to the user.
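The following Python block is an added example, not code from the patent or from its assignee; it models steps S110 to S170 end to end so that both sides of the exchange can be seen. RESOLVER_TABLE is a constructed in-memory stand-in for the DNS server, populated with the domains and addresses quoted in the text plus two constructed example.* entries; the short IDENTIFICATION_DB, the seed parameter and all function names are assumptions made for the example.

```python
"""Batch DNS query with noise identifiers: client side and server side.
Added example; the resolver table, database and function names are assumptions."""
import random
from typing import Dict, List

# Constructed stand-in for the DNS server's resolver (domain -> IP address).
# The first five entries use the addresses quoted in the text for these domains;
# the example.* entries are constructed filler.
RESOLVER_TABLE: Dict[str, str] = {
    "baidu.com": "123.125.114.144",
    "linkedin.com": "108.174.10.10",
    "weibo.com": "180.149.134.141",
    "hao123.com": "123.125.114.224",
    "espn.go.com": "199.181.133.61",
    "example.net": "192.0.2.10",
    "example.org": "192.0.2.20",
}

# Identification database of known identifiers. The text suggests the top 500
# ranked websites; this short constructed list plays that role here.
IDENTIFICATION_DB: List[str] = [
    "linkedin.com", "weibo.com", "hao123.com", "espn.go.com",
    "example.net", "example.org", "baidu.com",
]


def build_query_set(target: str, noise_count: int, db: List[str], seed: int) -> List[str]:
    """S120 + S130: draw `noise_count` noise identifiers from the database with a
    seeded random function and mix in the target. The target is excluded from the
    noise pool so the set holds exactly noise_count + 1 distinct identifiers, and
    the order is shuffled so the target's position tells the server nothing."""
    pool = [name for name in db if name != target]
    if noise_count > len(pool):
        raise ValueError("identification database too small for the requested noise count")
    rng = random.Random(seed)
    query_set = rng.sample(pool, noise_count) + [target]
    rng.shuffle(query_set)
    return query_set


def server_resolve(query_set: List[str], table: Dict[str, str]) -> Dict[str, str]:
    """S150 + S160: the server resolves every identifier in the request and returns
    the merged result set. It sees only the set, never which entry was wanted."""
    return {name: table.get(name, "NXDOMAIN") for name in query_set}


def client_lookup(target: str, noise_count: int, seed: int) -> str:
    """S110 to S170 end to end from the terminal device's point of view."""
    query_set = build_query_set(target, noise_count, IDENTIFICATION_DB, seed)
    result_set = server_resolve(query_set, RESOLVER_TABLE)
    return result_set[target]          # S170: pick the wanted answer out locally


if __name__ == "__main__":
    seed = 2016                        # fixed so the demonstration is reproducible
    sent = build_query_set("baidu.com", 4, IDENTIFICATION_DB, seed)
    print("query set as seen by the server:", sent)
    print("answer for baidu.com:", client_lookup("baidu.com", 4, seed))
```

Two details matter for the privacy claim and are easy to get wrong in an implementation: the target must be removed from the noise pool before sampling (otherwise a collision shrinks the set and the server sees fewer candidates than intended), and the set must be shuffled, since a fixed position for the real identifier would undo the whole scheme.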
In the DNS query method provided in this embodiment, when the user performs a DNS query, the identifier entered by the user is obtained and, at the same time, multiple noise query identifiers are randomly selected. The identifier to be queried and the noise query identifiers are then combined into a query set, a query request is generated from the query set and sent to the server. The server responds to the query request, obtains the query results corresponding to all query identifiers in the query set, merges them and returns them to the terminal device, and the terminal device finds the query result corresponding to the identifier to be queried in the query result set. The method randomly generates misleading noise query identifiers and submits them together with the real identifier to the server as a batch query; the server only obtains a series of query identifiers and cannot determine which one the user really wants to query. User privacy is thereby protected on the server side, greatly improving the protection of user privacy.
Referring to Fig. 3, a flow diagram of another DNS query method according to an embodiment of the present invention is shown. The method is applied to the system shown in Fig. 1; in this embodiment, request and response messages are transmitted between the terminal device and the server in encrypted form. As shown in Fig. 3, the method may comprise the following steps:
S210: the terminal device obtains the identifier to be queried that the user wants to look up.
S220: the terminal device randomly selects a preset number of noise query identifiers from the identification database using a random function.
S230: the terminal device combines the identifier to be queried and the preset number of noise query identifiers into a query set.
For example, the query set is {H1, …, Hn}, where Hi is the identifier the user wants to look up and H1 … Hi-1 and Hi+1 … Hn are noise query identifiers.
S240: the terminal device encrypts the query set to obtain an encrypted query set.
Encrypted query set is
S250: the terminal device generates a query request from the encrypted query set and sends it to the server.
S260: the server parses the query request and obtains the encrypted query set.
S270: the server decrypts the encrypted query set using the key to obtain the decrypted query set.
S280: the server looks up the query result corresponding to each query identifier in the decrypted query set to obtain the query result set.
In the present embodiment, query result set can be denoted as
S290: the server encrypts the query result set to obtain an encrypted query result set and sends it to the terminal device.
In the present embodiment, encrypted query result set can be denoted as
S2100: the terminal device decrypts the encrypted query result set using the key to obtain the decrypted query result set.
In the present embodiment, the query result set after decryption can be denoted as
It should be noted that the server carries the encrypted query result set in a response message and sends it to the terminal device; the terminal device parses the response message to obtain the encrypted query result set, and then decrypts it to obtain the decrypted query result set.
S2110: the terminal device finds the query result corresponding to the identifier to be queried in the decrypted query result set and displays it to the user.
The terminal device searches the plaintext query result set for the query result corresponding to the identifier the user really wants to look up.
The DNS query method provided in this embodiment, on the basis of introducing noise query identifiers, encrypts the messages transmitted between the terminal device and the server, further improving the protection of user privacy.
In the embodiments shown in Fig. 2 and Fig. 3, in the passive listening scenario, after the server receives the query set, the probability that the server correctly guesses the identifier the user really wants to look up is
When passive listening turns into active attack, for example by controlling the network through various means so that the server keeps refusing the user's batch queries or discards the query messages, the user can only run the above method again and generate a new query set. The noise query identifiers in the new query set change immediately, but the identifier the user wants to look up always stays the same, so the probability that the server correctly guesses the identifier to be queried increases significantly. The common part of different query sets reduces the degree of user privacy protection.
For example, when the batch query capacity is 3, that is, the query set contains 3 query identifiers, and the identification database is DB = {H1, H2, H3, H4, H5, H6}, after three denial-of-service attacks the probability of the server guessing correctly becomes 1. The process is shown in Table 1:
Table 1
Step   Query set              Intersection              Guess probability
1      Q1 = {H1, H2, H3}      -                         P1 = 1/3
2      Q2 = {H1, H2, H5}      Q1 ∩ Q2 = {H1, H2}        P2 = 1/2
3      Q3 = {H1, H4, H6}      Q2 ∩ Q3 = {H1}            P3 = 1
To solve the denial-of-service attack problem, the present invention proposes another DNS query method. In this embodiment, the key parameter seed of the random function is updated at fixed times, so that the noise query identifiers generated by the random function remain unchanged for a certain period. The key parameter seed determines the random selection strategy of the random function: in principle, if the seed is the same and the identification database is the same, the noise query identifiers selected by the random function are the same.
The time interval at which an ordinary user initiates DNS queries is usually long (for example 3 min), much longer than the time interval of denial-of-service attacks (for example 5 s). Therefore, the seed update time can be set according to the average query time interval Δt of a large number of users. For example, the seed update time is set to Δt: the seed remains unchanged within Δt and is updated after Δt. In this way, the generated noise query identifiers do not change when the service request is refused under attack, while for a normal new query the random function can reselect a batch of noise query identifiers, so that the server cannot track the identifier being queried.
Referring to Fig. 4, a schematic diagram of a multiple DNS query process is shown. As shown in Fig. 4, the process comprises:
S310: the terminal device initiates a batch query request Q(S1) to the server.
In this embodiment, the current query set is S1, and the identifier the user really wants to look up is H1.
S320: the server refuses the terminal device's query request and returns a refusal response message to the terminal device.
S330: the terminal device judges whether the time interval between the current time and the last query request is greater than the preset duration; if it is less than or equal to the preset duration, S340 is executed; if it is greater, S350 is executed.
In this embodiment, the preset duration can be set to the users' average query time interval Δt.
S340: the terminal device initiates the batch query request Q(S1) to the server.
Within the Δt period, no matter how many times service is refused, the query set remains unchanged.
S350: the terminal device initiates a batch query request Q(S2) to the server; S2 must contain the identifier H1 that the user wants to look up.
After the currently used seed has exceeded Δt, new noise query identifiers are generated, and they form a new query set together with the identifier the user wants to look up. Even if the attacker knows how the noise query identifiers are generated, the seed update mechanism prevents the attacker from accurately inferring the user's original query identifier in reverse. In addition, denial of service is a conspicuous behaviour: after the attacker attempts denial-of-service attacks several times at the server end, the risk of exposure rises, which may prompt the attacker to abandon this attack mode.
The DNS query method provided in this embodiment keeps the noise query identifiers for a preset duration before updating them, and the preset duration is far longer than the time interval of denial-of-service attacks on the server. When the terminal device faces a denial-of-service attack, the noise query identifiers remain unchanged throughout the preset duration, which greatly reduces the probability that the server correctly guesses the identifier the user wants to look up and further improves the protection of user privacy.
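The following Python block is an added example, not code from the patent; it reproduces the intersection attack of Table 1 on the observer's side and then the Δt seed-refresh behaviour of Fig. 4 on the client's side, so the two can be compared on the same data. DB, CAPACITY and the 3 min / 5 s intervals come from the text; the `secret` value, the way time_bucket_seed derives the seed from the Δt window, and all function names are assumptions made for the example.

```python
"""Intersection attack on repeated batch queries, and the Δt seed-refresh defence.
Added example; the seed derivation and function names are assumptions."""
import random
from typing import List, Set

DB = ["H1", "H2", "H3", "H4", "H5", "H6"]   # identification database from Table 1
CAPACITY = 3                                  # batch query capacity from Table 1
DELTA_T = 180.0                               # seconds: the 3 min average interval in the text


def noise_set_for_seed(target: str, db: List[str], capacity: int, seed: int) -> List[str]:
    """Build a query set whose noise identifiers depend only on `seed`.
    Same seed + same database -> same noise, which is the property the
    seed-refresh scheme relies on. The result is sorted so that position
    within the set carries no information about which entry is the target."""
    rng = random.Random(seed)
    pool = [h for h in db if h != target]
    return sorted(rng.sample(pool, capacity - 1) + [target])


def time_bucket_seed(now: float, delta_t: float, secret: int) -> int:
    """Key parameter of the random function, refreshed once per delta_t window.
    `secret` stands in for a per-client value the seed is derived from
    (constructed for this example; the text does not fix the derivation)."""
    return secret * 1_000_003 + int(now // delta_t)


def observer_candidates(query_sets: List[List[str]]) -> Set[str]:
    """What a server-side observer can infer from repeated submissions: the
    wanted identifier appears in every set, so candidates = intersection."""
    candidates = set(query_sets[0])
    for q in query_sets[1:]:
        candidates &= set(q)
    return candidates


def guess_probability(query_sets: List[List[str]]) -> float:
    """Probability of a correct uniform guess over the remaining candidates."""
    return 1.0 / len(observer_candidates(query_sets))


def table_1_attack() -> List[float]:
    """Unseeded client: each retry draws fresh noise, so the observer narrows
    the candidates exactly as in Table 1 (1/3 -> 1/2 -> 1)."""
    q1, q2, q3 = ["H1", "H2", "H3"], ["H1", "H2", "H5"], ["H1", "H4", "H6"]
    return [guess_probability([q1]),
            guess_probability([q1, q2]),
            guess_probability([q1, q2, q3])]


def refused_requests(target: str, retry_times: List[float],
                     delta_t: float, secret: int) -> List[List[str]]:
    """Fig. 4: the server refuses every request and the client re-sends at
    each time in `retry_times`, seeding the noise selection from the current
    delta_t window instead of drawing fresh noise."""
    return [noise_set_for_seed(target, DB, CAPACITY,
                               time_bucket_seed(t, delta_t, secret))
            for t in retry_times]


def guess_probability_under_refusals(target: str, retry_times: List[float],
                                     delta_t: float, secret: int) -> float:
    """Observer's guess probability after the refusals in `retry_times`."""
    return guess_probability(refused_requests(target, retry_times, delta_t, secret))


if __name__ == "__main__":
    print("Table 1 (fresh noise per retry):", table_1_attack())
    # Four refusals 5 s apart, all inside one 180 s window: the set never changes.
    print("seeded, within delta_t:",
          guess_probability_under_refusals("H1", [0, 5, 10, 15], DELTA_T, 42))
    # Retries spread across several windows: the seed changes and intersections
    # can shrink again, which is why delta_t must exceed the attack's retry interval.
    print("seeded, across windows:",
          guess_probability_under_refusals("H1", [0, 200, 400, 600], DELTA_T, 42))
```

The last call illustrates the caveat the text itself implies: the seed refresh only neutralises refusals that fall inside one Δt window. An observer who can keep refusing across many windows still intersects the successive sets, so Δt has to be chosen large relative to the refusal interval, and repeated refusals from the same server are themselves a signal worth logging on the client.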
For the various method embodiments described above, for simple description, therefore, it is stated as a series of action combinations, but Be those skilled in the art should understand that, the present invention is not limited by the sequence of acts described because according to the present invention, certain A little steps can be performed in other orders or simultaneously.Secondly, those skilled in the art should also know that, it is retouched in specification The embodiment stated belongs to preferred embodiment, and related actions and modules are not necessarily necessary for the present invention.
Corresponding to above-mentioned DNS query embodiment of the method, the present invention also provides DNS query Installation practices.
Fig. 5 is referred to, a kind of block diagram of DNS query device of the embodiment of the present invention is shown, which sets applied to terminal In standby, as shown in figure 5, the device includes: that the first acquisition module 110, second obtains module 120, query set generation module 130, inquiry request generation module 140 and searching module 150.
First obtains module 110, and the mark to be checked of inquiry is wanted for obtaining user;Mark to be checked includes host name Title or domain name.
Mark to be checked may include Hostname, domain name, alternatively, the mark in Internet of Things;For example, inquiry mark is hundred It spends webpage domain name " baidu.com ".
Second obtains module 120, for obtaining the preset quantity noise being randomly generated inquiry mark.
In a kind of possible implementation of the invention, second, which obtains module 120, utilizes random function from mark data Preset quantity mark is selected to be determined as the noise inquiry mark in library, the identification database is for storing known mark.
For example, identification database is set as the website of website ranking 1-500, random function is from being randomly generated a 1-500 Integer, and obtain the domain name of the corresponding website of the number as a noise inquiry mark.
Query set generation module 130, for utilizing the mark to be checked and preset quantity noise inquiry mark Know and generates query set.
For example, query set be Q=baidu.com, linkedin.com, weibo.com, hao123.com, espn.go.com}。
Inquiry request generation module 140, for generating inquiry request according to the query set and being sent to server;
Terminal device generates an inquiry request using query set, includes the whole in query set in the inquiry request Inquiry mark, that is, multiple marks can be inquired by sending one query request.
The inquiry request is used to that server inquiry to be made to obtain whole inquiry marks that the query set is included to correspond to Query result set.Server obtains mark to be checked and the inquiry of each noise in query set and identifies corresponding inquiry knot Fruit, and inquiry is combined and collects to obtain a query result set.
User can specify the type of query result when initiating inquiry request, wherein the type of query result includes IP Address, A record, CNAME record, MX record, NS record etc..
For example, query result type is IP address, then the corresponding query result of query set example in S130 is R= 123.125.114.144,108.174.10.10,180.149.134.141,123.125.114.224, 199.181.133.61}
Searching module 150, the query result set returned for receiving the server, and from the query result It is searched in set and obtains the corresponding query result of the mark to be checked.
Examples detailed above is adopted, terminal device finds the domain name that user wants inquiry from query result set R The corresponding IP address of baidu.com is 123.125.114.144, and shows user.
User, is wanted the mark to be checked of inquiry by DNS query device provided in this embodiment, and is randomly generated more A noise inquiry mark accumulates a query set, generates inquiry request, i.e. individually looking into user according to the query set Inquiry evolves into batch query and the batch query set of generation is submitted to server, and server can only obtain a series of inquiry Mark, can not determine the mark really to be inquired of user, to realize the privacy of user protection of server end, greatly improve use The protective capability of family privacy.
Referring to Fig. 6, which shows a block diagram of another DNS query device according to an embodiment of the present invention. The DNS query device of this embodiment adds a parameter updating module to the device embodiment shown in Fig. 5. As shown in Fig. 6:
Parameter updating module 210, connected to the second acquisition module 120 and configured to update the key parameter of the random function at a preset duration;
The key parameter determines the random selection strategy of the random function. The preset duration is set according to the average query interval of a large number of users, and is greater than the interval between the repeated requests of a denial-of-service attack on the server.
Ordinary users initiate DNS queries at fairly long intervals (for example, 3 min), much longer than the interval between the repeated requests of a denial-of-service attack (for example, 5 s). The seed update time can therefore be set according to the average query interval Δt of a large number of users. For example, the seed renewal time is set to Δt: the seed remains unchanged within Δt and is updated once Δt has elapsed. This guarantees that the generated noise query identifiers do not change when a request is rejected under attack and has to be retried, while for a normal new query the random function reselects a fresh batch of noise query identifiers, so the server cannot track the identifier to be queried.
In the DNS query device of this embodiment, the noise query identifiers are retained for a preset duration before being regenerated, and the preset duration is much longer than the interval of a denial-of-service attack on the server. When the terminal device faces a denial-of-service attack, the noise query identifiers are kept constant throughout the preset duration, which greatly reduces the probability that the server end correctly guesses the identifier the user wants to query and further improves the protection of user privacy.
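The following is an added example, not code from the patent, modelling the two mechanisms described above: the query set built by modules 120 to 150 (target plus noise identifiers, resolved in one request, with the client picking its own answer out of the result set), and the parameter updating module, whose seed is fixed within one Δt window and changes only when the window rolls over. It also runs the forced-retry intersection attack that the preset duration is meant to defeat, with the 3-minute and 5-second figures from the text. The identifier database, the resolver table (addresses from the RFC 5737 documentation range), the client secret and every function name are constructed for illustration.

```python
"""Added example, not the patent's own code: a toy model of the noise-query
DNS scheme.  Identifier database, resolver table, client secret and all
function names are constructed for illustration."""
from __future__ import annotations

import hashlib
import random

# Constructed identifier database ("known identifiers") from which noise is drawn.
IDENTIFIER_DB = [
    "baidu.com", "example.com", "example.net", "example.org",
    "wikipedia.org", "python.org", "ietf.org", "iana.org",
]

# Constructed stand-in for the server's resolver; addresses come from the
# RFC 5737 documentation range and carry no meaning.
RESOLVER_TABLE = {name: f"192.0.2.{i + 1}" for i, name in enumerate(IDENTIFIER_DB)}


def window_seed(secret: bytes, now: float, delta_t: float) -> int:
    """Key parameter of the random function (parameter updating module).

    Derived from a client-side secret and the index of the current delta_t
    window, so it is constant within a window and changes only when the
    window rolls over.
    """
    window = int(now // delta_t)
    digest = hashlib.sha256(secret + window.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big")


def build_query_set(target: str, k: int, seed: int) -> list[str]:
    """Query set = target plus k noise identifiers chosen by the seeded random
    function, shuffled so that position does not reveal the target."""
    rng = random.Random(seed)
    candidates = [ident for ident in IDENTIFIER_DB if ident != target]
    query_set = rng.sample(candidates, k) + [target]
    rng.shuffle(query_set)
    return query_set


def server_resolve(query_set: list[str]) -> dict[str, str]:
    """Server side: resolves every identifier it was sent.  From this one
    request it cannot tell which identifier the client cares about."""
    return {ident: RESOLVER_TABLE.get(ident, "NXDOMAIN") for ident in query_set}


def client_query(target: str, k: int, secret: bytes, now: float, delta_t: float):
    """One end-to-end query: build the set, let the server answer, pick the
    target's result out of the result set.  Returns (result, query_set)."""
    query_set = build_query_set(target, k, window_seed(secret, now, delta_t))
    result_set = server_resolve(query_set)
    return result_set[target], query_set


def forced_retry_leak(target: str, k: int, secret: bytes, delta_t: float,
                      retry_interval: float, max_retries: int) -> set[str]:
    """The attack the preset duration defends against: the server refuses
    service so the client retries every retry_interval seconds, and the
    server intersects the query sets it observes.  Returns the identifiers
    the server still cannot rule out after the retries."""
    common: set[str] | None = None
    for i in range(max_retries):
        now = i * retry_interval
        observed = set(build_query_set(target, k, window_seed(secret, now, delta_t)))
        common = observed if common is None else common & observed
        if len(common) == 1:  # target isolated; the attack has succeeded
            break
    return common or set()


if __name__ == "__main__":
    SECRET = b"client-secret"  # constructed
    ip, qs = client_query("baidu.com", 4, SECRET, now=100.0, delta_t=180.0)
    print("query set sent:", qs, "-> baidu.com =", ip)
    # delta_t (3 min) longer than the 5 s retry interval: noise frozen, nothing leaks.
    print("survivors, 3-min window:", forced_retry_leak("baidu.com", 4, SECRET, 180.0, 5.0, 30))
    # delta_t shorter than the retry interval: fresh noise on every retry and
    # the intersection collapses to the real target.
    print("survivors, 1-s window:  ", forced_retry_leak("baidu.com", 4, SECRET, 1.0, 5.0, 200))
```

With a 3-minute window the thirty 5-second retries all fall in the same window, the server sees the same five identifiers each time and learns nothing beyond the set. With a 1-second window each retry lands in a new window, the noise is resampled, and the intersection shrinks to baidu.com within a handful of retries; this is the failure mode the requirement "preset duration greater than the attack interval" rules out.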
Referring to Fig. 7, which shows a block diagram of yet another DNS query device according to an embodiment of the present invention. In this embodiment, request and response messages are transmitted in encrypted form between the terminal device and the server. As shown in Fig. 7, the device comprises: a first acquisition module 310, a second acquisition module 320, a parameter updating module 330, a query set generation module 340, an encryption submodule 350, a query request generation submodule 360, a receiving submodule 370, a decryption submodule 380 and a lookup submodule 390.
The first acquisition module 310, second acquisition module 320, parameter updating module 330 and query set generation module 340 have the same functions as in the device embodiments above and are not described again in this embodiment.
Encryption submodule 350, configured to encrypt the query set to obtain an encrypted query set;
Query request generation submodule 360, configured to generate a query request from the encrypted query set and send it to the server, so that the server responds to the query request to obtain the corresponding query result set, and so that the server encrypts the query result set;
Receiving submodule 370, configured to receive the encrypted query result set returned by the server;
Decryption submodule 380, configured to decrypt the encrypted query result set to obtain the decrypted query result set;
Lookup submodule 390, configured to look up, in the decrypted query result set, the query result corresponding to the identifier to be queried.
The DNS query device of this embodiment, in addition to introducing noise query identifiers, encrypts the messages transmitted between the terminal device and the server, which effectively prevents an attacker from eavesdropping on the user's query identifiers while they are in transit over the network, and further improves the protection of user privacy. Encryption in transit addresses only the on-path eavesdropper; the server still decrypts the full query set, so the noise query identifiers remain the only protection against the server itself.
It should be noted that the embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Since the device embodiments are basically similar to the method embodiments, they are described relatively briefly; for related details, see the description of the method embodiments.
Finally, it should also be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that comprises a series of elements comprises not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises that element.
The foregoing description of the disclosed embodiments enables those skilled in the art to make or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (6)

1. A DNS query method, applied in a terminal device, characterized by comprising:
obtaining an identifier to be queried that a user wants to query;
selecting a preset number of identifiers from an identifier database using a random function and determining them as noise query identifiers, the identifier database being used to store known identifiers;
generating a query set from the identifier to be queried and the preset number of noise query identifiers;
generating a query request from the query set and sending it to a server, the query request being used to cause the server to look up and obtain a query result set corresponding to all query identifiers contained in the query set;
receiving the query result set returned by the server, and looking up in the query result set the query result corresponding to the identifier to be queried;
wherein the key parameter of the random function is updated at a preset duration, the key parameter determines the random selection strategy of the random function, and the preset duration is set according to the average query interval of a large number of users and is greater than the interval of a denial-of-service attack on the server.
2. The method according to claim 1, wherein generating the query request from the query set and sending it to the server comprises:
encrypting the query set to obtain an encrypted query set;
generating the query request from the encrypted query set and sending it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts the query result set;
and receiving the query result set returned by the server and looking up in the query result set the query result corresponding to the identifier to be queried comprises:
receiving the encrypted query result set returned by the server;
decrypting the encrypted query result set to obtain a decrypted query result set;
looking up in the decrypted query result set the query result corresponding to the identifier to be queried.
3. The method according to claim 1, wherein the query result comprises at least one of: the IP address, address record, canonical name, mail exchange record and name server record corresponding to the query identifier.
4. A DNS query device, applied in a terminal device, characterized by comprising:
a first acquisition module, configured to obtain an identifier to be queried that a user wants to query, the identifier to be queried comprising a host name or a domain name;
a second acquisition module, configured to select a preset number of identifiers from an identifier database using a random function and determine them as noise query identifiers, the identifier database being used to store known identifiers;
a query set generation module, configured to generate a query set from the identifier to be queried and the preset number of noise query identifiers;
a query request generation module, configured to generate a query request from the query set and send it to a server, the query request being used to cause the server to look up and obtain a query result set corresponding to all query identifiers contained in the query set;
a lookup module, configured to receive the query result set returned by the server and look up in the query result set the query result corresponding to the identifier to be queried;
a parameter updating module, configured to update the key parameter of the random function at a preset duration, wherein the key parameter determines the random selection strategy of the random function, and the preset duration is set according to the average query interval of a large number of users and is greater than the interval of a denial-of-service attack on the server.
5. The device according to claim 4, characterized in that the query request generation module comprises:
an encryption submodule, configured to encrypt the query set to obtain an encrypted query set;
a query request generation submodule, configured to generate a query request from the encrypted query set and send it to the server, so that the server responds to the query request to obtain the corresponding query result set and encrypts the query result set;
and the lookup module comprises:
a receiving submodule, configured to receive the encrypted query result set returned by the server;
a decryption submodule, configured to decrypt the encrypted query result set to obtain a decrypted query result set;
a lookup submodule, configured to look up in the decrypted query result set the query result corresponding to the identifier to be queried.
6. The device according to claim 4, characterized in that the query result comprises at least one of: the IP address, address record, canonical name, mail exchange record and name server record corresponding to the query identifier.
Application CN201610862454.9A, priority date 2016-09-28, filing date 2016-09-28, title: A kind of DNS query method and device, status: Active, publication: CN106357839B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610862454.9A CN106357839B (en) 2016-09-28 2016-09-28 A kind of DNS query method and device

Publications (2)

Publication Number Publication Date
CN106357839A CN106357839A (en) 2017-01-25
CN106357839B true CN106357839B (en) 2019-11-19

Family

ID=57865543

Country Status (1)

Country Link
CN (1) CN106357839B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040546B (en) * 2017-05-26 2020-03-03 浙江鹏信信息科技股份有限公司 Domain name hijacking detection and linkage handling method and system
CN110858251B (en) * 2018-08-22 2020-07-21 阿里巴巴集团控股有限公司 Data query method and device
CN109299149B (en) * 2018-10-09 2020-07-14 北京腾云天下科技有限公司 Data query method, computing device and system
CN112543215B (en) * 2019-09-23 2024-06-21 北京国双科技有限公司 Access request processing method, system, device, storage medium and electronic equipment
CN112995205B (en) * 2021-04-13 2021-08-20 北京百度网讯科技有限公司 Query method, device, equipment and storage medium based on block chain
CN114357522A (en) * 2022-01-13 2022-04-15 厦门荷月信息科技有限公司 Privacy calculation grouping query method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102112979A (en) * 2008-08-08 2011-06-29 微软公司 Secure resource name resolution
CN102577303A (en) * 2009-04-20 2012-07-11 思杰系统有限公司 Systems and methods for generating a dns query to improve resistance against a dns attack

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2001294093A1 (en) * 2000-10-10 2002-04-22 Nokia Corporation Techniques for hiding network element names and addresses
JP2005101890A (en) * 2003-09-25 2005-04-14 Toshiba Corp Device and program for name registration mediation, and for name solution mediation name solution system, and name solution method
US20100287246A1 (en) * 2007-02-14 2010-11-11 Thomas Klos System for processing electronic mail messages with specially encoded addresses

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"DNS原理入门" (Introduction to DNS Principles); Ruan Yifeng (阮一峰); Ruan Yifeng's blog (阮一峰的网络日志); 2016-06-16; pp. 2-4, p. 10 *
"噪声干扰技术在加密中的应用" (Application of Noise Interference Techniques in Encryption); Guan Limei (关丽梅); Charming China (魅力中国); 2010-09-07; p. 1, left column paragraph 8, right column paragraph 5 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant